diff -r 34716fd837a4 -r be944660c56a wp/wp-admin/authorize-application.php
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/wp/wp-admin/authorize-application.php	Wed Sep 21 18:19:35 2022 +0200
@@ -0,0 +1,312 @@
+<?php
+/**
+ * Authorize Application Screen
+ *
+ * @package WordPress
+ * @subpackage Administration
+ */
+
+/** WordPress Administration Bootstrap */
+require_once __DIR__ . '/admin.php';
+
+$error        = null;
+$new_password = '';
+
+// This is the no-js fallback script. Generally this will all be handled by `auth-app.js`.
+if ( isset( $_POST['action'] ) && 'authorize_application_password' === $_POST['action'] ) {
+	check_admin_referer( 'authorize_application_password' );
+
+	$success_url = $_POST['success_url'];
+	$reject_url  = $_POST['reject_url'];
+	$app_name    = $_POST['app_name'];
+	$app_id      = $_POST['app_id'];
+	$redirect    = '';
+
+	if ( isset( $_POST['reject'] ) ) {
+		if ( $reject_url ) {
+			$redirect = $reject_url;
+		} else {
+			$redirect = admin_url();
+		}
+	} elseif ( isset( $_POST['approve'] ) ) {
+		$created = WP_Application_Passwords::create_new_application_password(
+			get_current_user_id(),
+			array(
+				'name'   => $app_name,
+				'app_id' => $app_id,
+			)
+		);
+
+		if ( is_wp_error( $created ) ) {
+			$error = $created;
+		} else {
+			list( $new_password ) = $created;
+
+			if ( $success_url ) {
+				$redirect = add_query_arg(
+					array(
+						'site_url'   => urlencode( site_url() ),
+						'user_login' => urlencode( wp_get_current_user()->user_login ),
+						'password'   => urlencode( $new_password ),
+					),
+					$success_url
+				);
+			}
+		}
+	}
+
+	if ( $redirect ) {
+		// Explicitly not using wp_safe_redirect b/c sends to arbitrary domain.
+		wp_redirect( $redirect );
+		exit;
+	}
+}
+
+$title = __( 'Authorize Application' );
+
+$app_name    = ! empty( $_REQUEST['app_name'] ) ? $_REQUEST['app_name'] : '';
+$app_id      = ! empty( $_REQUEST['app_id'] ) ? $_REQUEST['app_id'] : '';
+$success_url = ! empty( $_REQUEST['success_url'] ) ? $_REQUEST['success_url'] : null;
+
+if ( ! empty( $_REQUEST['reject_url'] ) ) {
+	$reject_url = $_REQUEST['reject_url'];
+} elseif ( $success_url ) {
+	$reject_url = add_query_arg( 'success', 'false', $success_url );
+} else {
+	$reject_url = null;
+}
+
+$user = wp_get_current_user();
+
+$request  = compact( 'app_name', 'app_id', 'success_url', 'reject_url' );
+$is_valid = wp_is_authorize_application_password_request_valid( $request, $user );
+
+if ( is_wp_error( $is_valid ) ) {
+	wp_die(
+		__( 'The Authorize Application request is not allowed.' ) . ' ' . implode( ' ', $is_valid->get_error_messages() ),
+		__( 'Cannot Authorize Application' )
+	);
+}
+
+if ( wp_is_site_protected_by_basic_auth( 'front' ) ) {
+	wp_die(
+		__( 'Your website appears to use Basic Authentication, which is not currently compatible with Application Passwords.' ),
+		__( 'Cannot Authorize Application' ),
+		array(
+			'response'  => 501,
+			'link_text' => __( 'Go Back' ),
+			'link_url'  => $reject_url ? add_query_arg( 'error', 'disabled', $reject_url ) : admin_url(),
+		)
+	);
+}
+
+if ( ! wp_is_application_passwords_available_for_user( $user ) ) {
+	if ( wp_is_application_passwords_available() ) {
+		$message = __( 'Application passwords are not available for your account. Please contact the site administrator for assistance.' );
+	} else {
+		$message = __( 'Application passwords are not available.' );
+	}
+
+	wp_die(
+		$message,
+		__( 'Cannot Authorize Application' ),
+		array(
+			'response'  => 501,
+			'link_text' => __( 'Go Back' ),
+			'link_url'  => $reject_url ? add_query_arg( 'error', 'disabled', $reject_url ) : admin_url(),
+		)
+	);
+}
+
+wp_enqueue_script( 'auth-app' );
+wp_localize_script(
+	'auth-app',
+	'authApp',
+	array(
+		'site_url'   => site_url(),
+		'user_login' => $user->user_login,
+		'success'    => $success_url,
+		'reject'     => $reject_url ? $reject_url : admin_url(),
+	)
+);
+
+require_once ABSPATH . 'wp-admin/admin-header.php';
+
+?>
+<div class="wrap">
+	<h1><?php echo esc_html( $title ); ?></h1>
+
+	<?php if ( is_wp_error( $error ) ) : ?>
+		<div class="notice notice-error"><p><?php echo $error->get_error_message(); ?></p></div>
+	<?php endif; ?>
+
+	<div class="card auth-app-card">
+		<h2 class="title"><?php _e( 'An application would like to connect to your account.' ); ?></h2>
+		<?php if ( $app_name ) : ?>
+			<p>
+				<?php
+				printf(
+					/* translators: %s: Application name. */
+					__( 'Would you like to give the application identifying itself as %s access to your account? You should only do this if you trust the app in question.' ),
+					'<strong>' . esc_html( $app_name ) . '</strong>'
+				);
+				?>
+			</p>
+		<?php else : ?>
+			<p><?php _e( 'Would you like to give this application access to your account? You should only do this if you trust the app in question.' ); ?></p>
+		<?php endif; ?>
+
+		<?php
+		if ( is_multisite() ) {
+			$blogs       = get_blogs_of_user( $user->ID, true );
+			$blogs_count = count( $blogs );
+			if ( $blogs_count > 1 ) {
+				?>
+				<p>
+					<?php
+					printf(
+						/* translators: 1: URL to my-sites.php, 2: Number of sites the user has. */
+						_n(
+							'This will grant access to <a href="%1$s">the %2$s site in this installation that you have permissions on</a>.',
+							'This will grant access to <a href="%1$s">all %2$s sites in this installation that you have permissions on</a>.',
+							$blogs_count
+						),
+						admin_url( 'my-sites.php' ),
+						number_format_i18n( $blogs_count )
+					);
+					?>
+				</p>
+				<?php
+			}
+		}
+		?>
+
+		<?php if ( $new_password ) : ?>
+			<div class="notice notice-success notice-alt below-h2">
+				<p class="application-password-display">
+					<label for="new-application-password-value">
+						<?php
+						printf(
+							/* translators: %s: Application name. */
+							esc_html__( 'Your new password for %s is:' ),
+							'<strong>' . esc_html( $app_name ) . '</strong>'
+						);
+						?>
+					</label>
+					<input id="new-application-password-value" type="text" class="code" readonly="readonly" value="<?php esc_attr( WP_Application_Passwords::chunk_password( $new_password ) ); ?>" />
+				</p>
+				<p><?php _e( 'Be sure to save this in a safe location. You will not be able to retrieve it.' ); ?></p>
+			</div>
+
+			<?php
+			/**
+			 * Fires in the Authorize Application Password new password section in the no-JS version.
+			 *
+			 * In most cases, this should be used in combination with the {@see 'wp_application_passwords_approve_app_request_success'}
+			 * action to ensure that both the JS and no-JS variants are handled.
+			 *
+			 * @since 5.6.0
+			 * @since 5.6.1 Corrected action name and signature.
+			 *
+			 * @param string  $new_password The newly generated application password.
+			 * @param array   $request      The array of request data. All arguments are optional and may be empty.
+			 * @param WP_User $user         The user authorizing the application.
+			 */
+			do_action( 'wp_authorize_application_password_form_approved_no_js', $new_password, $request, $user );
+			?>
+		<?php else : ?>
+			<form action="<?php echo esc_url( admin_url( 'authorize-application.php' ) ); ?>" method="post" class="form-wrap">
+				<?php wp_nonce_field( 'authorize_application_password' ); ?>
+				<input type="hidden" name="action" value="authorize_application_password" />
+				<input type="hidden" name="app_id" value="<?php echo esc_attr( $app_id ); ?>" />
+				<input type="hidden" name="success_url" value="<?php echo esc_url( $success_url ); ?>" />
+				<input type="hidden" name="reject_url" value="<?php echo esc_url( $reject_url ); ?>" />
+
+				<div class="form-field">
+					<label for="app_name"><?php _e( 'New Application Password Name' ); ?></label>
+					<input type="text" id="app_name" name="app_name" value="<?php echo esc_attr( $app_name ); ?>" placeholder="<?php esc_attr_e( 'WordPress App on My Phone' ); ?>" required />
+				</div>
+
+				<?php
+				/**
+				 * Fires in the Authorize Application Password form before the submit buttons.
+				 *
+				 * @since 5.6.0
+				 *
+				 * @param array   $request {
+				 *     The array of request data. All arguments are optional and may be empty.
+				 *
+				 *     @type string $app_name    The suggested name of the application.
+				 *     @type string $success_url The url the user will be redirected to after approving the application.
+				 *     @type string $reject_url  The url the user will be redirected to after rejecting the application.
+				 * }
+				 * @param WP_User $user The user authorizing the application.
+				 */
+				do_action( 'wp_authorize_application_password_form', $request, $user );
+				?>
+
+				<?php
+				submit_button(
+					__( 'Yes, I approve of this connection.' ),
+					'primary',
+					'approve',
+					false,
+					array(
+						'aria-describedby' => 'description-approve',
+					)
+				);
+				?>
+				<p class="description" id="description-approve">
+					<?php
+					if ( $success_url ) {
+						printf(
+							/* translators: %s: The URL the user is being redirected to. */
+							__( 'You will be sent to %s' ),
+							'<strong><kbd>' . esc_html(
+								add_query_arg(
+									array(
+										'site_url'   => site_url(),
+										'user_login' => $user->user_login,
+										'password'   => '[------]',
+									),
+									$success_url
+								)
+							) . '</kbd></strong>'
+						);
+					} else {
+						_e( 'You will be given a password to manually enter into the application in question.' );
+					}
+					?>
+				</p>
+
+				<?php
+				submit_button(
+					__( 'No, I do not approve of this connection.' ),
+					'secondary',
+					'reject',
+					false,
+					array(
+						'aria-describedby' => 'description-reject',
+					)
+				);
+				?>
+				<p class="description" id="description-reject">
+					<?php
+					if ( $reject_url ) {
+						printf(
+							/* translators: %s: The URL the user is being redirected to. */
+							__( 'You will be sent to %s' ),
+							'<strong><kbd>' . esc_html( $reject_url ) . '</kbd></strong>'
+						);
+					} else {
+						_e( 'You will be returned to the WordPress Dashboard, and no changes will be made.' );
+					}
+					?>
+				</p>
+			</form>
+		<?php endif; ?>
+	</div>
+</div>
+<?php
+
+require_once ABSPATH . 'wp-admin/admin-footer.php';